Many of the public-key cryptographic standards we use today will be vulnerable to attacks from a large-scale quantum computer. To address this threat, NIST initiated a rigorous process in 2016 to select quantum-resistant cryptographic algorithms to standardize. This talk will review this NIST PQC standardization effort, which culminated in the publication of the first set of PQC standards in August 2024, with ML-KEM, ML-DSA, and SLH-DSA. The talk will also detail the ongoing standardization of additional signature scheme(s), called “the on-ramp”, and the selection of HQC for an additional KEM standard.
Crucially, the talk will outline the necessary transition to those new standards. Migration timelines are given in NIST IR 8547, which proposes that currently approved quantum-vulnerable public-key algorithms will be disallowed after 2035. The talk will showcase the efforts of the National Cybersecurity Centre of Excellence’s Migration to PQC project, which is helping the community by tackling adoption issues, testing how different systems work together, and providing advice to speed up the global shift to secure cryptography against quantum threats.
Quynh Dang is a member of the Cryptographic Technology Group (CTG) at National Institute of Standards and Technology (NIST). He has worked in the field of applied cryptography for 20+ years. His interests include symmetric key, asymmetric key and post-quantum cryptography, and protocol security.
India Internet Engineering Society (IIESoc) & Industry Network Technology Council (INTC) will be organizing the 6th iteration of Connections as a joint fully online event on Feb 5-8 2024.
Post Quantum Security track with talks from Bas Westerban and Tirumaleswar Reddy.
Dawn of the Post Quantum Internet
We are at a pivotal moment in cybersecurity. Browsers are rolling out post-quantum encryption by default to counter the store-now-decrypt-later threat. What once was the subject of futuristic tech demos, will soon become the baseline expectation for security. Encryption is only half the story. Post-quantum certificates are much more challenging to deploy. In this talk, we will take measure of the current state, and the challenges that lay ahead for the public Web and its PKI.
PQC for Engineers
I will talk about the “Post-Quantum Cryptography for Engineers” draftthat is adopted in the PQUIP WG. This document explains why engineers need to be aware of and understand post-quantum cryptography. It emphasizes the potential impact of Cryptographically Relevant Quantum Computers on current cryptographic systems and the need to transition to post-quantum algorithms to ensure long-term security.
Several widely-deployed messaging applications have developed their own protocols. While these protocols are similar, no two are close enough to interoperate. As a result, each application vendor has had to maintain their own protocol stack and independently build trust in the quality of the protocol. The goal of the
working group is to develop a standard messaging security protocol for human-to-human(s) communication with the above security and deployment properties so that applications can share code, and so that there can be shared validation of the protocol (as there has been with TLS 1.3).
TLS 1.3, the latest version of the Transport Layer Security protocol, brings forth significant advancements and improvements over its predecessors. In this discussion, we will delve into some of the key changes introduced by TLS 1.3, namely the increased encryption in the handshake process, deprecation of specific key exchange algorithms, and the introduction of new extensions. Additionally, we will explore the implications of TLS 1.3 on network management within enterprises.
Nalini started her career doing network design and monitoring for the Chevron network. She specializes in network performance analysis, measurement, monitoring, tuning, and troubleshooting of large enterprise networks.
One of her specialties is training and network design for IPv6 migration for large enterprises. Many of the Fortune 1000 level companies as well as the large US government organizations have taken her classes on various networking topics.
She has developed network monitoring and diagnostic products which IBM and other software companies later marketed. She received the A.A. Michelson award from the Computer Measurement Group for her contributions to the field. Nalini is on the Advisory Board of the India Internet Engineering Society (IIESoc).
In this one-hour webinar, we will delve into the world of Transport Layer Security (TLS) and focus on one of its fundamental components, the handshake. TLS is a cryptographic protocol widely used to secure communication over computer networks. By analyzing packet traces, we will demystify the TLS handshake process, step by step, and gain a comprehensive understanding of how it establishes secure connections.
- The importance of TLS and secure communication
- Overview of the TLS protocol
- Explanation of its role in securing network communications
- Discussion on the importance of the handshake process
- A step-by-step breakdown of the TLS handshake process
- Highlighting key TLS handshake message types and their significance
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she has been the founder or co-founder of four start-ups in the high-tech arena.
Nalini started her career doing network design and monitoring for the Chevron network. She specializes in network performance analysis, measurement, monitoring, tuning, and troubleshooting of large enterprise networks.
One of her specialties is training and network design for IPv6 migration for large enterprises. Many of the Fortune 1000 level companies as well as the large US government organizations have taken her classes on various networking topics.
She has developed network monitoring and diagnostic products which were later marketed by IBM and other software companies. She received the A.A. Michelson award from the Computer Measurement Group for her contributions to the field. Nalini is on the Advisory Board of the India Internet Engineering Society (IIESoc).
This webinar is a part of the Cryptography webinar series.
The goal for the second security session is to understand some of the terms which are crucial to cryptography. The explanation will be for those implementing security protocols rather than academics or cryptographers. We will cover:
-
DES
-
3DES
-
Asymmetric encryption / symmetric encryption
-
Elliptic curve cryptography
-
Certificate authorities
-
Diffie-Hellman key exchange
-
Diffie-Hellman groups
-
Hashed message authentication code (HMAC)
-
Message authentication code (MAC)
-
Message digest algorithm 5 (MD5)
-
Rivest Shamir Adleman (RSA)
-
Secure hash algorithm (SHA)
-
X.500 distinguished name
-
X.509 digital certificates
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she has been the founder or co-founder of four start-ups in the high-tech arena.
Nalini started her career doing network design and monitoring for the Chevron network. She specializes in network performance analysis, measurement, monitoring, tuning, and troubleshooting of large enterprise networks.
One of her specialties is training and network design for IPv6 migration for large enterprises. Many of the Fortune 1000 level companies as well as the large US government organizations have taken her classes on various networking topics.
She has developed network monitoring and diagnostic products which were later marketed by IBM and other software companies. She received the A.A. Michelson award from the Computer Measurement Group for her contributions to the field. Nalini is on the Advisory Board of the India Internet Engineering Society (IIESoc).
The goal for the first security session is to understand some of the terms which are crucial to cryptography. The explanation will be for those implementing security protocols rather than academics or cryptographers. We will cover:
-
DES
-
3DES
-
Asymmetric encryption / symmetric encryption
-
Elliptic curve cryptography
-
Certificate authorities
-
Diffie-Hellman key exchange
-
Diffie-Hellman groups
-
Hashed message authentication code (HMAC)
-
Message authentication code (MAC)
-
Message digest algorithm 5 (MD5)
-
Rivest Shamir Adleman (RSA)
-
Secure hash algorithm (SHA)
-
X.500 distinguished name
-
X.509 digital certificates
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she has been the founder or co-founder of four start-ups in the high-tech arena.
Nalini started her career doing network design and monitoring for the Chevron network. She specializes in network performance analysis, measurement, monitoring, tuning, and troubleshooting of large enterprise networks.
One of her specialties is training and network design for IPv6 migration for large enterprises. Many of the Fortune 1000 level companies as well as the large US government organizations have taken her classes on various networking topics.
She has developed network monitoring and diagnostic products which were later marketed by IBM and other software companies. She received the A.A. Michelson award from the Computer Measurement Group for her contributions to the field. Nalini is on the Advisory Board of the India Internet Engineering Society (IIESoc).
From: Thursday, 23rd February 2023 to Thursday, 12th October 2023
Session Topics for Security webinars:
- Fundamentals of Cryptography: February 23, 11am Eastern, 9:30pm India
- Fundamentals of Cryptography: April 20, 11am Eastern, 8:30pm India
- Fundamentals of Cryptography: May 18, 11am Eastern, 8:30pm India
- How does TLS work? (up to 1.3): June 15, 11am Eastern, 8:30pm India
- How does TLS1.3 work?: August 10, 11am Eastern, 8:30pm India
- Introduction to MLS: September 14, 11am Eastern, 8:30pm India
- MLS in Depth: October 12, 11am Eastern, 8:30pm India
Connections is being held April 2-8, 2022, shortly after the IETF 113 meeting. It is a fully online event created jointly by IIESoc & INTC. The first day will include the following keynote presentations:
- IPv6 — past, present & future by Bob Hinden
- Going Dark — catastrophic security and privacy losses due to loss of visibility by managed private network operators by Dr. Paul Vixie
- TBD by Ron Bonica
This session discusses the ways enterprises might want to think about migration to IPv6. Some vulnerabilities may be the same as IPv4 while other will be different. Vulnerabilities may be introduced by additional complexity, for example, transition mechanisms or dual-stacking.When many enterprises think about security, a number of areas are involved. These include:
- Audits/Compliance
- Threat detection
- Risk analysis
- Root cause determination
- Encryption
- Privacy
- Confidentiality
- Penetration testing
Presented by Nalini Elkins.
Unwanted and illegal robocalls continue to be both one of the largest communications-related nuisances (particularly since many of us are home to get them all day…) and are commonly used to defraud victims using social security, warranty and other scams. Fighting these unwanted calls has proven to be hard and is likely to require a combination of approaches that may also hasten the end of the traditional circuit-switched public switched telephone network. I’ll describe why unwanted robocalls are probably harder to curtail than spam emails and what techniques may help. I’ll focus particularly on calling number authentication, standardized by the IETF and ATIS in the STIR and SHAKEN working groups. STIR/SHAKEN offer a good case study that protocol standards are necessary, but need to be augmented by additional organizational infrastructure and operational practices to be successful. However, calling number authentication combined with simple call filters may only offer a temporary respite from unwanted calls unless other holes in the call delivery chain are plugged that allow shady operators to place millions of calls.
Prof. Henning Schulzrinne, Levi Professor of Computer Science at Columbia University, received his Ph.D. from the University of Massachusetts in Amherst, Massachusetts. MTS at AT&T Bell Laboratories; associate department head at GMD-Fokus (Berlin), before joining the Computer Science and EE departments at Columbia University. He served as chair of Computer Science from 2004 to 2009 and as Engineering Fellow, Technical Advisor and Chief Technology Officer of the Federal Communications Commission (FCC) from 2010 until 2017.
Protocol standards co-developed by him, including RTP, RTSP and SIP, are now used by almost all Internet telephony and multimedia applications. Fellow of the ACM and IEEE.
How security will be handled in IPv6 is a question asked by many. Myths abound. In this session, we will start to look at:
• NAT is not a firewall (security by obscurity)
• Complexities introduced by multiple stacks
• Risks introduced by not considering IPv6
• Reconn attacks and defense
• Local network attacks and defense
• Unauthenticated NDP (similar to ARP)
• Cache table exhaustion and ping-pong attacks
• Rogue device attachments
• Mitigations
• Extension Headers
• ICMPv6
This is only a start. In the following year, we plan to do a more detailed investigation of this critical area. There will be follow-on webcasts. In the survey to enterprises, many people said that this was a topic they considered very important.
Nalini Elkins is the President of the Industry Network Technology Council. She is also the CEO and Founder of Inside Products, Inc. Nalini is a recognized leader in the field of computer performance measurement and analysis. In addition to being an experienced software product designer, developer, and planner, she is a formidable businesswoman. She has been the founder or co-founder of three start-ups in the high-tech arena.
Peer-to-peer group communication has long been a necessity for usability in team coordination. However, the security of such systems has not been well understood or investigated in comparison to one-to-one secure messaging options (such as Signal or even TLS). Based on an ongoing IETF standardization initiative, this presentation will introduce participants to the basic concepts of group messaging security, end-goals, and threat models – including “self-healing” security – and will prepare them to ask critical questions regarding group communication security and implementations.
Britta Hale is an Assistant Professor of Computer Science at the Naval Postgraduate School working in cryptography and cybersecurity. Her specialization areas include analysis and design of cryptographic key exchange and authentication protocols. Hale is currently active in the design and IETF standardization of the MLS group messaging protocol, user-mediated protocol analysis, and hybrid post-quantum cryptography.
Recent papers include the first public research on detection of man-in-the-middle attackers in messaging protocols. Hale holds a PhD from the Norwegian University of Science and Technology and a Master’s in Mathematics of Cryptography and Communications from Royal Holloway, Univ. of London.
ICANN is engaged in an effort for the Internationalization of Domain Names — that is, making them available in languages other than English. Thıs ınvolves fıgurıng out what new symbols must be used, of course. But also figuring out which of the new symbols are easily confused with each other, or with existing symbols. Just by way of example, the Latin alphabet contains 26 basic letters, but those can be combined with some 20 diacritic marks (little dots and lines above or below the letter), giving a total of some 220 symbols. Some are only distinguishable if you know the language they happen in. For example, in a domain name suppose you encounter a Dotless I ( ı in lower case, this occurs in Turkish) when you are expecting a regular I, will you notice. In my observation, no — especially if you have never even heard of a Dotless I. (Did you notice when they got used in one sentence above?)
The domain name which is malformed in this way will most likely take you somewhere other than where you expected. This is called a “homographic attack”. Homographic attacks can be used for phishing and pharming with the end goal of introducing viruses or for defrauding the consumer. You may wish to understand these risks. You may also want to have some input into what limits get put on new names. We will tell you how you may get involved at ICANN.
Bill Jouris has been working in the computer industry since his college days, before the Internet was even thought of. His early career in industry was dealing with performance analysis and tuning of mainframe systems for financial and healthcare firms. He is Chief Operating Officer at Inside Products.
In addition, Bill has been active in the Computer Measurement Group, which is the professional organization for the computer performance field for decades, and served two terms on its Board of Directors. He is on the ICANN Latin Generation Panel which is a part of ICANN’s effort to expand the range of possible domain names.